BloodHound Enterprise

Your Attack Path Management solution

Eliminate attack paths with BloodHound Enterprise & TEAL

Attack Paths are nothing new

Identity-based attack paths have been common for a long time and form chains of abusable privileges and user behaviors. These establish direct and indirect connections between computers and users.

Attack Path Management (APM) is a unique methodology that helps organizations understand attack path risks, empirically quantify their impact, and eliminate them. The primary goal of APM is to directly solve the attack path problem, which is a known issue in the Microsoft Active Directory and Azure Active Directory ecosystem. These platforms are the most lucrative targets for attackers because taking control of them gives an attacker complete control over all users, systems and data in that organization: your company.

In early 2022, we partnered up with SpecterOps for the BloodHound Enterprise deployment as their European partner. BloodHound Enterprise is an Attack Path Management solution that constantly maps and quantifies Active Directory attack paths. You can remove millions or even billions of attack paths within your existing IT architecture and eliminate attacker techniques.

TEAL is happy to support you with the integration of BloodHound Enterprise.

Contact us for a first consultation to reduce your attack path risk!

Attack Path

The problems of customers

Attackers have been exploiting Active Directory attack paths to achieve their goals for years. And for good reason, because Active Directory is ...

... the foundation of most IT infrastructures

Although taking control of AD is not usually the attacker's end goal (which is stealing, encrypting or deleting data), most enterprise applications, services, identities and critical operations are built on top of AD.

... omnipresent

Active Directory is used by almost every organization. This allows attackers to use the same paths and tools as often as they like to attack a variety of organizations.

... powerful

Attackers use the same administrative functions that make Active Directory so useful to enterprises to achieve their goal without the use of exploits.

The solution with BloodHound Enterprise

Continuous mapping of attack paths

The network, user privileges, application permissions, and group memberships are constantly changing to meet new business needs. On every system a registered user logs in to, they leave digital footprints that an attacker can potentially read. As the environment is constantly changing, the attack paths that can be used by the attacker are also constantly changing and must be continuously captured and mapped. BloodHound Enterprise...

    • ... maps every relationship and connection
    • ... shows the actual permissions
    • ... uncovers new and previously hidden attack paths

Prioritization of attack path choke points

Indiscriminate elimination of AD misconfigurations does not significantly improve the security level and additionally has a negative impact on the productivity and morale of the Active Directory team. However, if it is possible to empirically find the misconfigurations whose elimination will eliminate the most attack paths, a significant increase in the security level can be achieved in a much shorter period of time. BloodHound Enterprise...

    • ... measures the influence of each point in an attack path
    • ... identifies the optimal locations to eliminate the greatest number of attack paths
    • ... sorts these key points in order of greatest impact
    • ... minimizes the effort required to fix misconfigurations
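
The ranking idea described above, as an added example (not TEAL's or SpecterOps' code, and not BloodHound Enterprise's actual algorithm): on a small constructed graph, it counts how many attack paths to a Tier Zero node traverse each relationship and sorts the relationships by that count. The node names, the graph and the path-count metric are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample graph: (source, relationship, target). Not real data.
EDGES = [
    ("alice", "MemberOf", "Helpdesk"),
    ("bob", "MemberOf", "Helpdesk"),
    ("carol", "MemberOf", "Helpdesk"),
    ("Helpdesk", "AdminTo", "SRV01"),
    ("dave", "AdminTo", "SRV01"),
    ("SRV01", "HasSession", "t0_admin"),  # privileged logon on a non-Tier-Zero server
    ("carol", "AdminTo", "WS07"),
    ("WS07", "HasSession", "erin"),       # dead end: erin is not Tier Zero
]
TIER_ZERO = {"t0_admin"}  # hypothetical Tier Zero account


def attack_paths(edges, targets):
    """Return every simple path (as a list of edges) that ends at a Tier Zero node."""
    out = defaultdict(list)
    for edge in edges:
        out[edge[0]].append(edge)
    paths = []

    def walk(node, seen, trail):
        for edge in out[node]:
            nxt = edge[2]
            if nxt in seen:
                continue  # never revisit a node, so cycles cannot loop forever
            if nxt in targets:
                paths.append(trail + [edge])
            else:
                walk(nxt, seen | {nxt}, trail + [edge])

    # Every non-Tier-Zero node with outgoing relationships is a possible start.
    for start in sorted({e[0] for e in edges} - targets):
        walk(start, {start}, [])
    return paths


def rank_choke_points(edges, targets):
    """Count, per relationship, how many attack paths traverse it; highest first."""
    counts = defaultdict(int)
    for path in attack_paths(edges, targets):
        for edge in path:
            counts[edge] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def paths_after_removing(edges, targets, edge):
    """Number of attack paths that remain once one relationship is remediated."""
    return len(attack_paths([e for e in edges if e != edge], targets))
```

In this graph the privileged session on SRV01 carries all six attack paths, so remediating that one relationship leaves none, while fixing any single group membership removes only one path.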

Practical and detailed instructions on how to eliminate the misconfigurations

Generic, impractical, or overly complicated remedies do not provide any benefit. They can even lead to failures if implemented without fully understanding the implications. Meaningful guidance must be written with knowledge of the effective privileges of users, as well as the resulting attack paths, and with clear, unambiguous language. BloodHound Enterprise…

    • ... can provide practical workarounds without making drastic changes to the AD
    • ... provides precise and comprehensive instructions to eliminate attack paths
    • ... provides assistance to verify that the privileges to be removed are indeed not needed

Continuous measurement of the security level

In order to permanently improve one's security level, one must be able to identify the current level and then continuously measure the change in the level. Often, security products lack the ability to empirically measure the entire system, so they are unable to perform a true risk assessment. Active Directory, while a complicated and dynamic system, is a closed system that allows for continuous and comprehensive measurement of attack path risk. BloodHound Enterprise...

    • ... instantly creates a baseline from the Active Directory, identifies each attack path and the risk from each node on the path
    • ... continuously measures when changes are made to the Active Directory and reassesses the risk
    • ... recognizes significant improvements in security posture, by eliminating choke points


BloodHound Enterprise information breakdown

Objective

✓ Continuously identify all Attack Path risks
✓ Prioritize risks by quantifiable exposure
✓ Provide prescriptive, practical remediation guidance
✓ Visualize Attack Path risk posture over time

Delivery

✓ Software-as-a-Service (SaaS) web application
✓ Full REST APIs
✓ User Management with RBAC

Data Collection

✓ Distributed collectors with health monitoring
✓ Scheduled data collection
✓ Signed binaries

Analytics

✓ Automatically identifies all Attack Path risks
✓ Prioritizes Attack Path risks based on quantifiable Tier Zero and critical asset exposure

Trend Reporting

✓ Attack Path risk trend reporting over time (e.g., Tier Zero exposure %, active risks, etc.)

Target User

✓ Security Operations Teams
✓ IT Operations Teams
✓ Active Directory Administrators and Architects

Support

✓ Enterprise Support Model

Data Reconciliation

✓ Data reconciled automatically to display "current state" of Active Directory with active Attack Path risks

Remediations

✓ Prescriptive remediations with step-by-step instructions
✓ Exportable, full-scope remediation plans
✓ Logging Guidance to protect against breaking changes

Search

✓ Pathfinding across assets
✓ Support for graphing hundreds of thousands of nodes

Webinar

on the topic BloodHound Enterprise


Why with us

Andy Robbins, Rohan Vazarkar and Will Schroeder of SpecterOps.io developed BloodHound as free and open-source software (FOSS, or BloodHound Community Edition) in 2016 to enable penetration testers and Red Teamers to visualize enterprise attacker risk and help defenders prepare for impending attacks. Since then, BloodHound has been used by attackers and defenders alike to identify and analyze attack paths in Active Directory environments in the field.

While BloodHound Community Edition is designed to identify attack avenues that can be exploited, the team's vision was to develop BloodHound Enterprise to continuously and comprehensively manage all attack risks in real time.

In early 2022, we partnered up with SpecterOps for the BloodHound Enterprise deployment as their European partner.

We are your Trusted Advisor in all matters relating to information security.

Our accumulated experience and know-how in the area of Microsoft infrastructure and Active Directory security is not only passed on in customer-specific project implementations; we also act as a provider of special solutions. Our goal is to continuously increase security in corporate environments and to support you with highly efficient solutions as a fully managed service provider.

BloodHound Enterprise
Your advantages at a glance

Unparalleled visibility into Active Directory

Measurably improved security posture

Elimination of "emergency solutions"

Improving the availability of directory services

Your contact person at TEAL

Fabian Böhm – IT-Consultant
